Damballa Unveils the Industry’s First Research on the Growth of Mobile Malware Criminal Command-and-Control Activity; Also Discloses List of the Most Abused Top Level Domains and Top 10 Botnets in North America

September 07, 2011 12:09 PM Eastern Daylight Time

ATLANTA--(BUSINESS WIRE)--Damballa® Labs, the research and cyber intelligence arm of Damballa
Inc., today released its “Threat Report – First Half 2011.” The Threat
Report includes the security industry’s only known research findings
into compromised smartphones actively engaging with criminal
command-and-control (C&C) servers, as well as an analysis of the top 10
largest botnets in North America and the top 10 most abused top level
domains (TLDs). The report can be downloaded at http://landing.damballa.com/20110907-Damballa1H2011ThreatReport.html.

The report looks at Internet crime trends with a specific focus on
criminal C&C activity in North America as monitored by Damballa Labs
over the first six months of 2011. The Damballa Threat Report reveals a
number of findings, including:

The top 10 largest botnets for the first half of 2011

A first-ever look at the growth in mobile malware C&C activity

The top 10 most abused TLDs

“Criminal operators continue to hone their craft in 2011 using crimeware
that can be repurposed for multiple fraud opportunities, sold or leased
to other criminals, and that is now successfully infiltrating the mobile
space,” said Gunter Ollmann, vice president of research for Damballa.
“As the arms race rages on between the criminals, their increasingly
federated crime-as-a-service ecosystem, and the security professionals
tasked with combating them, it has become increasingly important that
the defenders obtain advanced knowledge of the existence and behavior of
new criminal operators and their network of infected assets.”

“OneStreetTroop,” the Damballa reference to a botnet operation reliant
on crimeware generated by the popular SpyEye do-it-yourself (DIY)
construction set, climbed from number 10 in 2010 to the number 1
position for the first half of 2011.

The prevalence of improved DIY crimeware construction kits and
associated exploit packs is visible in the makeup of the results for
the first half of 2011, with 8 out of the top 10 largest botnets
utilizing popular “off-the-shelf” construction kits.

Mobile Threats

Over the first six months of 2011, the number of hijacked Android
devices engaging in “live” communications with criminal operators grew
at a significant rate.

Until recently, mobile malware abuse has been limited, to some extent,
to premium-rate fraud or other tactics that did not rely on a
command-and-control architecture. Having mobile malware contact the
criminal operator and establish two-way Internet communication now
makes the mobile market as susceptible to criminal breach activity as
desktop devices.

Most Abused TLDs for Live C&C

Not surprisingly, the most popular TLDs (.com, .info, .net, .org and
.biz) are among the top 10 most abused by criminals.

The TLD “.in” (India) ranked as the fifth most popular TLD for C&C
use. This country code TLD has not historically been considered to be
heavily abused.

90 percent of all “live” C&C activity takes advantage of the top 10 most
abused TLDs.

About Damballa Labs - Damballa Labs is a team of recognized authorities
in cyber threats, malware analysis, and applied scientific research that
collaborate with some of the best minds in the academic community to
discover new and innovative ways to stay ahead of cyber crime activity.
Specifically, Damballa Labs retains some of the most knowledgeable
experts on DNS, machine learning technologies, and criminal
command-and-control infrastructure.

About Damballa Inc. - Pioneering the fight against cybercrime, Damballa
protects enterprise, ISP and cloud networks from the devastating effects
of targeted attacks, persistent threats, advanced malware, and other
cyber threats. Damballa provides the only network security solution that
detects and terminates remote-control communication used by criminals to
breach networks. Patent-pending solutions from Damballa are platform and
system-agnostic, protecting networks with any device type including PCs,
Macs, smartphones, and mobile devices. Headquartered in Atlanta,
Damballa customers include Fortune 2000 companies, government and
educational organizations, and Internet and telecommunication providers. http://www.damballa.com.